CVE-2025-8708 is a deserialization vulnerability identified in Antabot White-Jotter version 0.22, specifically within the CookieRememberMeManager function of the ShiroConfiguration.java file in the com.gm.wj.config.ShiroConfiguration component. The vulnerability arises from the manipulation of the input parameter EVANNIGHTLY_WAOU, which leads to unsafe deserialization. Deserialization vulnerabilities occur when untrusted data is used to reconstruct objects, potentially allowing attackers to execute arbitrary code or manipulate application logic. In this case, the vulnerability can be exploited remotely without user interaction, but the attack complexity is considered high, and exploitation is difficult. The vulnerability has been publicly disclosed, but no known exploits are currently observed in the wild. The CVSS 4.0 score is 2.3, indicating a low severity rating, primarily due to the high attack complexity, limited impact on confidentiality, integrity, and availability, and the requirement for low privileges. The vulnerability does not require user interaction, and the scope is limited to the affected version 0.22 of the product. The lack of available patches or mitigations at the time of disclosure increases the risk for organizations using this specific version of Antabot White-Jotter. Given the involvement of the Apache Shiro framework component, which is widely used for authentication and session management, the vulnerability could potentially impact session security if exploited successfully.

For European organizations using Antabot White-Jotter 0.22, this vulnerability could lead to unauthorized manipulation of session or authentication data, potentially allowing attackers to bypass security controls or execute limited unauthorized actions. However, due to the high complexity and difficulty of exploitation, the immediate risk is low. The impact on confidentiality, integrity, and availability is limited, but organizations relying on this product for critical authentication or session management functions should be cautious. If exploited, it could undermine trust in user session management and potentially lead to unauthorized access or session hijacking. The lack of known exploits in the wild reduces immediate threat levels, but the public disclosure means attackers could develop exploits over time. European organizations in sectors with high security requirements, such as finance, healthcare, and government, should be particularly vigilant. Additionally, organizations using older or unpatched versions of the software are at higher risk. The vulnerability's remote exploitability without user interaction increases the attack surface, especially for externally facing services.

1. Immediate upgrade: Organizations should upgrade Antabot White-Jotter to a version where this vulnerability is patched once available. If no patch exists, consider disabling or restricting the use of the CookieRememberMeManager component temporarily. 2. Input validation: Implement strict input validation and sanitization on the EVANNIGHTLY_WAOU parameter or any serialized data inputs to prevent malicious payloads from being processed. 3. Network controls: Restrict access to the affected service to trusted networks or IP addresses using firewalls or network segmentation to reduce exposure. 4. Monitoring and detection: Deploy monitoring to detect anomalous deserialization attempts or unusual activity related to session management. 5. Least privilege: Ensure that the application and its components run with the least privileges necessary to limit the impact of a successful exploit. 6. Web application firewall (WAF): Use a WAF with rules to detect and block suspicious deserialization payloads targeting this vulnerability. 7. Incident response readiness: Prepare incident response plans specific to deserialization attacks, including forensic analysis and containment strategies. 8. Vendor engagement: Engage with Antabot for updates, patches, or recommended workarounds and subscribe to their security advisories.